DuckCorp Projects: Issueshttps://projects.duckcorp.org/https://projects.duckcorp.org/favicon.ico?15861920342020-05-07T13:47:32ZDuckCorp Projects
Redmine DuckCorp Infrastructure - Bug #697 (In Progress): Fix "Found variable using reserved name: port" ...https://projects.duckcorp.org/issues/6972020-05-07T13:47:32ZPierre-Louis Bonicolipierre-louis.bonicoli@gmx.fr
<p>ansible-role-ssh: Don't use reserved name 'port'</p>
<p>Fix this warning:</p>
<pre>
[WARNING]: Found variable using reserved name: port
</pre>
<p>Once merged the following patch will be required on the main repository:<br /><pre>
--- a/ansible/roles/dc-base/tasks/main.yml
+++ b/ansible/roles/dc-base/tasks/main.yml
@@ -52,7 +52,7 @@
import_role:
name: ssh
vars:
- port: "{{ ssh.port }}"
+ sshd_port: "{{ ssh.port }}"
listen_addresses: "{{ ssh.listen_addresses }}"
# for GuiHome streaming
enable_gatewayports: "{{ inventory_hostname == 'Toushirou' }}"
</pre></p> DuckCorp Infrastructure - Bug #694 (New): Proper mail configuration for non-MX/relay servershttps://projects.duckcorp.org/issues/6942020-04-16T05:12:10ZMarc Dequènesduck@duckcorp.org
<p>Thorfinn seem to have a basic loopback-only config. Nicecity has exim. It is a bit of a mess.<br />Also having proper TLS settings would be better.</p> DuckCorp Infrastructure - Enhancement #693 (New): LXD on Elwinghttps://projects.duckcorp.org/issues/6932020-04-14T06:40:23ZMarc Dequènesduck@duckcorp.org
<p>I need to continue exploring LXD on Elwing. Not sure if we can use it to replace Orfeo in case we loose it or the housing but it may become handy.</p>
<p>Currently on major problem is the Debian packaging which is still WIP: <a class="external" href="https://wiki.debian.org/LXD">https://wiki.debian.org/LXD</a><br />My package has not been updated for a while and I would like a more stable solution if we're to use it in production.</p> DuckCorp Infrastructure - Bug #692 (New): Elwing cannot be unlocked remotelyhttps://projects.duckcorp.org/issues/6922020-04-12T15:28:35ZMarc Dequènesduck@duckcorp.org
<p>The server is not listening on SSH port as expected.</p> DuckCorp Infrastructure - Tracking #691 (New): certbot: conflicts when alias is also used for ano...https://projects.duckcorp.org/issues/6912020-04-08T03:12:43ZMarc Dequènesduck@duckcorp.org
<p>see <a class="external" href="https://github.com/certbot/certbot/issues/7887">https://github.com/certbot/certbot/issues/7887</a></p> DuckCorp Infrastructure - Enhancement #690 (New): Migrate Inspircd to v3https://projects.duckcorp.org/issues/6902020-04-04T12:52:37ZMarc Dequènesduck@duckcorp.org
<p>This is needed in order to be able to reload the TLS certificate when it is renewed. Currently the <em>/REHASH -ssl</em> command does not work and the code show it is not implemented, even in the latest version in the v2 series. There is no signal supported either thus a restart is compulsory. I wanted to switch to Let's Encrypt so the signal support is needed.</p>
<p>There is no backport, so we need to ask for one or make a custom package.</p>
<p>The configuration has changed a lot in v3, let's be careful.</p> DuckCorp Infrastructure - Enhancement #689 (New): Log aggregation and monitoringhttps://projects.duckcorp.org/issues/6892020-04-04T08:42:12ZMarc Dequènesduck@duckcorp.org
<p>I could not find a simple system really doing something similar to logcheck on an aggregation server.</p>
<p>As I want to take advantage of the proper split of information we can get in a journal (currently systemd journald) instead of a long line of text formatted in various ways, I was thinking about simply using systemd-journal-remote to collect all remote logs (sent by clients with systemd-journal-upload). I do not feel the need for a fancy UI and I would prefer to avoid installing a web service (currently the monitoring has one but we plan to split), so simply using journalctl with the <em>--merge</em> option should be sufficient for our need.</p>
<p>Then to be consistent we would also need to replace logcheck to do centralized filtering and alerting. I found some projects but most dead of not having a very nice approach. On project caught my eyes though: <a class="external" href="https://github.com/twaugh/journal-brief">https://github.com/twaugh/journal-brief</a><br />I like the idea to use the Python systemd binding to directly access the journal and be able to filter using any field. Then we could run it in batch or continuously and think how we would like alerts to reach us. It could be interesting to use the priority of the message to send through vwrious means XMPP/IRC for urgent matters and email reports for the rest.</p>
<p>When we're happy with the new system we then need to decide if we keep rsyslog or downsize its config.</p> DuckCorp Infrastructure - Tracking #688 (New): ansible/yarn: module bugshttps://projects.duckcorp.org/issues/6882020-04-01T03:34:47ZMarc Dequènesduck@duckcorp.org
<p>We need this PR to be accepted to get yarn working properly:<br /><a class="external" href="https://github.com/ansible/ansible/pull/50236">https://github.com/ansible/ansible/pull/50236</a></p>
<p>It is needed by the <em>thelounge</em> role.</p> DuckCorp Infrastructure - Tracking #680 (New): roundcube: cannot delete multi-page selectionhttps://projects.duckcorp.org/issues/6802019-09-30T04:47:00ZMarc Dequènesduck@duckcorp.org
<p>If you select all mails in a box or through a search then deletion will only affect the current page; mails outside the visible page will not be affected. Selecting all mails without exception is working fine though.</p>
<p>See long-standing upstream bug: <a class="external" href="https://github.com/roundcube/roundcubemail/issues/5065">https://github.com/roundcube/roundcubemail/issues/5065</a></p> DuckCorp Infrastructure - Tracking #677 (New): roundcube/twofactor_gauthenticator: bug in 2FA QR ...https://projects.duckcorp.org/issues/6772019-09-21T08:52:57ZMarc Dequènesduck@duckcorp.org
<p><a class="external" href="https://github.com/alexandregz/twofactor_gauthenticator/issues/99">https://github.com/alexandregz/twofactor_gauthenticator/issues/99</a></p>
<p>According to the BR it is possible to get the QR code simply by switching back to the <em>Larry</em> theme temporarily.</p> DuckCorp Infrastructure - Enhancement #675 (In Progress): Publish DANE/TLSA records for Let's Enc...https://projects.duckcorp.org/issues/6752019-09-20T17:42:05ZMarc Dequènesduck@duckcorp.orgDuckCorp Infrastructure - Enhancement #673 (New): Dovecot submission serverhttps://projects.duckcorp.org/issues/6732019-09-09T06:57:36ZMarc Dequènesduck@duckcorp.org
<p>Would be nice to enable BURL/URLAUTH extensions and possibly other things in the future (like SIEVE filtering for outgoing messages).</p>
<p>I saw fixes in recent releases, so I need to assess if it can be put in production. When it's in place we can think about extra features.</p> DuckCorp Infrastructure - Tracking #672 (In Progress): redmine: 2FA supporthttps://projects.duckcorp.org/issues/6722019-09-09T06:49:25ZMarc Dequènesduck@duckcorp.org
<p>The is a <a href="https://www.redmine.org/issues/1237" class="external">long standing upstream BR</a> with a series of patches which were recently updated. Unfortunately it is not implemented as a plugin so let's track the inclusion progress.</p> DuckCorp Infrastructure - Enhancement #668 (New): GPG WKDhttps://projects.duckcorp.org/issues/6682019-08-23T09:01:18ZMarc Dequènesduck@duckcorp.org
See:
<ul>
<li><a class="external" href="https://wiki.gnupg.org/WKDDetails">https://wiki.gnupg.org/WKDDetails</a></li>
<li><a class="external" href="https://wiki.gnupg.org/WKDHosting">https://wiki.gnupg.org/WKDHosting</a></li>
</ul> DuckCorp Infrastructure - Enhancement #665 (Blocked): use the Rspamd package provided by Debian i...https://projects.duckcorp.org/issues/6652019-08-18T05:30:44ZMarc Dequènesduck@duckcorp.org
<p>The current version is recent in the backports, so if it follows new releases without too much delay it could be interesting to switch.</p>